
name 192.168.101.253 exchange
name 192.168.101.3 mail_relay_pvt
name 192.168.101.4 web_outlook_pvt
name 192.168.5.100 gatin
name 192.168.2.23 exchange_pvt
name 192.168.101.6 webserver_dmz
name 192.168.101.8 redlineOWA
name 192.168.101.7 webredline
name 192.168.101.9 blackboard_vip
name 192.168.101.100 blackboard_dmz
name 192.168.101.99 Dns_Dmz
name 10.1.1.132 mail_relay
name 10.1.1.133 web_outlook
name 10.1.1.134 webserver
name 10.1.1.136 blackboard
name 10.1.1.138 intranet_web
name 10.1.1.137 Dns_Outside
name 192.168.101.21 intranet_vip
name 192.168.55.250 cv_inside
name 10.1.1.147 cv_outside
name 192.168.101.13 rees_redline
name 10.1.1.145 rees_out
name 192.168.101.249 ISADMZ

I accessed the PIX Device Manager (PDM) (inside address) from my desktop (192.168.1.104) on our LAN and from another desktop (192.168.1.56) on our LAN as well. Why can't I see the "pdm location" for both those desktops?
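A small audit helper for this kind of config, added here and not taken from the thread: it parses the "name" and "pdm location" lines and reports which hosts (the named ones, plus any management workstations you pass in) have no covering "pdm location" entry. It assumes the PIX 6.x syntax "pdm location <ip> <mask> <interface>" and uses a constructed fragment rather than the poster's full config.

```python
import ipaddress
import re

# Constructed PIX 6.x-style fragment (a few of the posted "name" lines plus
# "pdm location" lines added for illustration; not the poster's real config).
SAMPLE_CONFIG = """\
name 192.168.101.253 exchange
name 192.168.101.3 mail_relay_pvt
name 10.1.1.132 mail_relay
pdm location 192.168.101.253 255.255.255.255 inside
pdm location 10.1.1.132 255.255.255.255 outside
pdm location 192.168.2.0 255.255.255.0 inside
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
NAME_RE = re.compile(rf"^name\s+{IPV4}\s+(\S+)$")
# Assumed syntax: pdm location <ip> <mask> <interface>
PDM_RE = re.compile(rf"^pdm location\s+{IPV4}\s+{IPV4}\s+(\S+)$")


def parse_config(text):
    """Return ({ip: name}, [(network, interface)]) from a config fragment."""
    names, locations = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := NAME_RE.match(line):
            names[m.group(1)] = m.group(2)
        elif m := PDM_RE.match(line):
            # strict=False lets "192.168.2.0/255.255.255.0" style masks parse
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            locations.append((net, m.group(3)))
    return names, locations


def location_for(ip, locations):
    """Interface of the most specific pdm location covering ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, iface in locations:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def hosts_without_location(text, extra_hosts=()):
    """Named hosts plus extra_hosts (e.g. PDM workstations) lacking a location."""
    names, locations = parse_config(text)
    candidates = set(names) | set(extra_hosts)
    missing = [ip for ip in candidates if location_for(ip, locations) is None]
    return sorted(missing, key=ipaddress.ip_address)
```

Pass the workstations you run PDM from as extra_hosts to see whether any "pdm location" entry (host or subnet) covers them; a subnet entry such as 192.168.2.0/24 counts as covering its hosts.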

The issue here is that you need a real firewall audit. I happen to have *plenty* of experience with this. Here is how you do it on a production firewall:

1) Approach the system owners, starting with the edge servers (closest to the internet) and ask for a system security plan that provides specific details on what the box does and what needs to be accessed. If they don't have one, ask them to create one. If they resist, be sure they understand that they own the risk should something go wrong.

2) Once you have all the technical specifics, go through the ruleset and remove ACLs but place comments in there stating why you've done so. If there are no issues after a few months, you can remove the commented out ACLs and the explanations.

3) When you wrap up the audit, a good idea would be to run a vulnerability assessment tool (like Nessus) to see what your security stance is. If you find it unacceptable, you'll have enough organizational knowledge to suggest changes to lower risk.

This is an involved process that will take time. You certainly don't want to start removing ACLs from a production PIX without fully understanding the impact.

Also note that this is a simplified view of the process. You'll need to consider regulatory compliance issues when doing this and for the operational end of the equation.

--TH13

Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden